Salesforce.com and Twitter didn't comment Friday about news reports that Salesforce.com is in the early stages of mounting a takeover bid for Twitter. A tweet from Salesforce Chief Digital Evangelist Vala Afshar posed reasons why Twitter is an attractive target for purchase. Afshar later clarified that his tweet reflected his personal views rather than Salesforce's official position. Twitter stock closed Friday up 21 percent to $22.62.

Sen. Ted Cruz, R-Texas, cited Republican presidential nominee Donald Trump's support for delaying the planned Internet Assigned Numbers Authority transition as one of six “vital” policy reasons Cruz decided to endorse Trump's candidacy Friday. The Trump campaign said Wednesday it backed a push by congressional Republicans to delay the transition through language in a short-term continuing resolution to fund the government when FY 2016 ends Sept. 30 (see 1609210070). Senate Republicans filed non-compromise CR language Thursday that didn't contain the transition delay language (see 1609220067), drawing some GOP criticism (see 1609230031). Democratic presidential nominee Hillary Clinton supported the IANA transition in a tech policy agenda released in June (see 1606280071), which shows her commitment to “hand over control of the Internet to an international community of stakeholders, including Russia, China and Iran,” Cruz said in a Facebook post. Cruz's endorsement comes more than two months after he refused to back Trump during a speech at the Republican National Convention. Cruz said he chose to endorse Trump in part because he committed last year to “support the Republican nominee.” Cruz said he also chose to publicly back Trump because Clinton's support for the transition and her other policy positions are “wholly unacceptable.”

Neustar said it will auction 20 premium domain names on the .nyc top-level domain Oct. 24-27. The .nyc auction will be restricted to businesses, citizens and organizations with a physical address in New York City's five boroughs, Neustar said in a news release. The domains up for auction are associated with construction, gardening, home improvement, interior design and real estate, the domain name registry said. The auction is to begin at 2 p.m. Oct. 24.

Cybercriminals are taking advantage of “lax” IoT device security in home networks and consumer connected devices to spread malware and create “zombie” networks, or “botnets,” said a Symantec report Thursday. Cybercriminals are “hijacking” home networks and connected devices to help carry out distributed denial of service (DDoS) attacks on more profitable targets, typically large companies, by “stitching together a large web of consumer devices that are easy to infect because they lack sophisticated security,” said Symantec. More than half of all IoT attacks originate from China and the U.S., based on the location of IP addresses used to launch malware attacks, it said. High numbers of attacks also are originating in Germany, the Netherlands, Russia, Ukraine and Vietnam, though attackers may use proxy IP addresses to hide their true location, it said. Most IoT malware targets non-PC embedded devices such as web servers, routers, modems, network attached storage devices, closed-circuit television systems, and industrial control systems, said Symantec. Attackers are aware of insufficient IoT security, it said, and many program their malware with commonly used and default passwords, allowing them to easily hijack IoT devices. Poor security on many IoT devices makes them easy targets, and victims often don’t know they've been infected. Attackers tend to be less interested in the victim, hoping instead to hijack a device to add it to a botnet, most of which are used to perform DDoS attacks, it said. IoT devices are a prime target because they're designed to be plugged in and forgotten after basic set-up, Symantec said. The most common passwords IoT malware used to attempt to log into devices involved “root” and “admin,” an indication, said the company, “that default passwords are frequently never changed.”

A coalition of 17 consumer and privacy groups is supporting a complaint by the Center for Digital Democracy and Electronic Privacy Information Center urging the FTC to investigate -- and enjoin -- WhatsApp's privacy policy changes that would permit the sharing of some user information with parent Facebook (see 1609070022 and 1608250027). In a Thursday letter to Chairwoman Edith Ramirez, the groups, including CDD and EPIC, said WhatsApp's policy change would violate previous commitments not to use or disclose user phone numbers and other personal information for marketing purposes when Facebook acquired the messaging service in 2014. "WhatsApp's reversal on this promise is a material, retroactive change that will apply to previously collected data," the letter said. "Contrary to FTC policy, WhatsApp does not intend to provide clear notice or obtain customers' affirmative express consent -- i.e., opt-in consent -- before implementing these changes for previously collected information." The coalition said the changes are "buried" in WhatsApp's lengthy revised policy, giving consumers 30 days to opt-out. The groups -- including Consumer Federation of America, Consumer Watchdog, Demand Progress, Privacy Rights Clearinghouse and U.S. Public Interest Research Group -- also said the EU is investigating the changes. An FTC spokesman declined to comment.

Yahoo confirmed that at least 500 million user accounts were compromised in late 2014, possibly by a state-sponsored actor, resulting in the possible theft of users' names, email addresses, phone numbers, birth dates, hashed passwords and encrypted and unencrypted security questions and answers. "The ongoing investigation suggests that stolen information did not include unprotected passwords, payment card data, or bank account information; payment card data and bank account information are not stored in the system that the investigation has found to be affected," wrote Chief Information Security Officer Bob Lord in a Thursday blog post. Lord said there's no evidence the state-sponsored actor is still in the network, but the company is working with law enforcement in an investigation. The company, which also provided FAQs about the breach, said it's strengthening network security and provided instructions for users to improve their account security. A spokesman for Verizon, which announced in July that it's acquiring Yahoo for $4.83 billion in cash (see 1607250016), tweeted Thursday that it was notified "with the last two days" of the incident, but has "limited information and understanding" beyond that there's an ongoing investigation.

Retailers must not only design security into their devices but also into consumer data "from initial acceptance, through transit to the data center and while in storage," wrote Michelle Tinsley, Intel director-mobility and payment security, in a Wednesday blog post. As the IoT becomes more prevalent, retailers are collecting more data about their customers to provide personalized services and products, but risks also are prevalent, she said. Tinsley said 13.1 million Americans were victims of identity theft in 2015, citing Javelin Research. "Typically it takes a consumer six months and $4,000 to clear the errors from their credit record," she wrote. One answer, she added, is encrypting the data from source to storage. Tinsley will join Jeff Zubricki, Walmart director-global public policy, to discuss the issue at an Electronics Transactions Association event Thursday.

FedEx is “deep into planning” for what it expects will be “another record peak holiday shipping season” for e-commerce packages, CEO Frederick Smith said on an earnings call. “Last year, we experienced 15 percent growth in peak season volume and delivered more than 325 million packages.” FedEx will dedicate six temporary facilities to oversized packages for peak holiday demand, said FedEx Ground CEO Henry Maier in Q&A on Tuesday's call.

Tech Data Corp. agreed to pay $2.6 billion for Avnet’s Technology Solutions unit in a stock-and-cash transaction, Avnet said Monday in a news release. The unit is a distributor of IT services, including cloud and data center services. The companies, which have been competitors, also plan to partner on IoT services, Avnet said.

Autonomic debuted a music streamer, using the company’s eAudioCast audio-over-Ethernet technology, that’s designed to make it easier for integrators to bring streaming capability to wired Autonomic whole-home audio systems. The streamer gives integrators a new entry-level offering in a single- or dual-stream solution that works with any Autonomic eSeries amplifier or as a single-stream music player within a third-party control system, Aaron Chisena, global sales director, told us in Dallas at the CEDIA show.