Recode | A Portland, Ore., woman’s claim that her Amazon Echo device secretly recorded a private conversation between her and her husband and sent it to an acquaintance of theirs has sparked questions about just how secure these smart speakers are. Here's Amazon's (very unlikely) explanation for why this happened.

Forbes | Last week, Talos Intelligence released a detailed report on a new breed of malware (VPNFilter) that targets network routers directly, instead of the devices hooked up to them. It's concerning because routers usually don't have malware intrusion countermeasures. The DOJ, in cooperation with the FBI, seized control of the domain the Sofacy Group was using for the botnet. This is good news for infected parties since the malware won't be able to restablish itself after communication has been interrupted. But for that to happen, you need to reboot your routers. The FBI and Department of Homeland Security have both issued statements requesting as much.

Motherboard | Owen Williams, a freelance developer, has been collecting the more embarrassing, silly, and downright lame attempts companies are making to comply with Europe's General Data Protection Regulation.

CIO | Who's in charge of IT security? To whom do they report? How big is their budget? CIO has answers.

Digital Trends | Learning the ins and outs of Google Drive takes time. Digital Trends has put together an in-depth guide to using the service's many functions, whether you're looking to share a file or access it offline.

BetaNews | There was concern recently when a couple of Alexa users found that the smart assistant built into their Amazon Echo had not only recorded a conversation they had been having, but had sent it to an acquaintance. If you want to check whether Alexa has been secretly/inadvertently recording you, here's how. If you find any recordings you want to ensure no one else hears, you can also delete them.

The Enterprisers Project | Some IT leaders seem to dread the topic of GDPR: One attendee at last week’s MIT Sloan CIO Symposium tweeted that the refreshing thing about the conference was that GDPR had not been mentioned. However, as with any regulatory change, preparation is key. The Enterprisers Project has rounded up their recent coverage to get you up to speed on preparation strategies, audit avoidance, likely pain points, and more.

Motherboard | When Amazon’s algorithms ban shoppers for returning too many items without warning, it isn’t just inconvenient. It removes people from participating in Amazon’s rapidly dominating economy. This threat sets a dangerous precedent of subtly encouraging us to change our behavior to appease its algorithms.

G Suite Updates | To help customers improve the security of their coexistence setups, Calendar Interop will now use a restricted set of known IPs to communicate with Exchange servers. By restricting Calendar Interop to this set of known IPs, G Suite customers can now block all incoming traffic (e.g., by setting up a firewall) to their on-premise Exchange servers, except for requests originating from Calendar Interop.

G Suite Updates | Google is upgrading how HTML boxes work on classic Sites. This will improve performance and security, but it may also change the look and feel of some embedded elements. Site editors may want to make some simple adjustments so embedded elements appear the way they want them to. Note that this only affects sites managed in classic Sites. Sites managed in new Sites are not affected.

G Suite Updates | As a reminder, Google is removing some Drive metrics from the Admin console Reports API starting today — May 29th, 2018. Specifically, they’re removing absolute count metrics, which have been replaced by activity-based metrics. This was announced a year ago, and the Admin console user interface was updated in October. The old metrics will no longer be available through the Reports API from May 29th.