Abstract
Vulnerability scanning tools can help secure the computer networks of organisations. Triggered by the release of the Tsunami vulnerability scanner by Google, the authors analysed and compared the commonly used, free-to-use vulnerability scanners. The performance, accuracy and precision of these scanners are quite disparate and vary accordingly to the target systems. The computational, memory and network resources required be these scanners also differ. We present a recent and detailed comparison of such tools that are available for use by organisations with lower resources such as small and medium-sized enterprises. © 2021, IFIP International Federation for Information Processing.

Abstract
Due to its pervasive nature, the Internet of Things (IoT) is demanding for Low Power Wide Area Networks (LPWAN) since wirelessly connected devices need battery-efficient and long-range communications. Due to its low-cost and high availability (regional/city level scale), this type of network has been widely used in several IoT applications, such as Smart Metering, Smart Grids, Smart Buildings, Intelligent Transportation Systems (ITS), SCADA Systems. By using LPWAN technologies, the IoT devices are less dependent on common and existing infrastructure, can operate using small, inexpensive, and long-lasting batteries (up to 10 years), and can be easily deployed within wide areas, typically above 2 km in urban zones. The starting point of this work was an overview of the security vulnerabilities that exist in LPWANs, followed by a literature review with the main goal of substantiating an attack vector analysis specifically designed for the IoT ecosystem. This methodological approach resulted in three main contributions: (i) a systematic review regarding cybersecurity in LPWANs with a focus on vulnerabilities, threats, and typical defense strategies; (ii) a state-of-the-art review on the most prominent results that have been found in the systematic review, with focus on the last three years; (iii) a security analysis on the recent attack vectors regarding IoT applications using LPWANs. Results have shown that LPWANs communication technologies contain security vulnerabilities that can lead to irreversible harm in critical and non-critical IoT application domains. Also, the conception and implementation of up-to-date defenses are relevant to protect systems, networks, and data.

Abstract
Changing mobility behaviors in academia - such as encouraging the use of bicycles - can help to reduce CO2 emissions since trips made by car or motorbikes tend to effectively reduce. Additionally, by obtaining mobility-related data we can infer patterns, optimize mobility and strengthen more sustainable habits within academia. In this paper, we propose a secure LoRa-based tracking system for the BIRA bicycle. The BIRA bicycle is an initiative of Instituto Politecnico de Viana do Castelo (IPVC) that aims to promote bicycle usage on campus, by encouraging the adoption of more sustainable mobility habits within the institution. The proposed system consists of BIRA bicycles equipped with low-cost GPS trackers. The collected data is then transmitted using a LoRaWAN infrastructure to an application server, which is responsible for storing and serving the client application with several contextual information, such as location, route, speed, and battery level. The results have shown that the proposed system is a viable low-cost solution for tracking bicycles and users' habits at a campus or even a city level.

Abstract
Wireless, sensor and actuator technologies are often central to sensing or communication critical systems [...]

Abstract
The process of building and deploying Machine Learning (ML) models includes several phases and the training phase is taken as one of the most time-consuming. ML models with time series datasets can be used to predict users positions, behaviours or mobility patterns, which implies paths crossing by well-defined positions, and thus, in these cases, syntactic similarity can be used to reduce these models training time. This paper uses the case study of a Mobile Network Operator (MNO) where users mobility are predicted through ML and the use of syntactic similarity withWord2Vec (W2V) framework is tested with Recurrent Neural Network (RNN), Gate Recurrent Unit (GRU), Long Short-Term Memory (LSTM) and Convolutional Neural Network (CNN) models. Experimental results show that by using framework W2V in these architectures, the training time task is reduced in average between 22% to 43%. Also an improvement on the validation accuracy of mobility prediction of about 3 percentage points in average is obtained.

Abstract
The digital contact tracing applications are one of the many initiatives to fight the COVID-19 virus. Some of these Apps use the Exposure Notification (EN) system available on Google and Apple's operating systems. However, EN-based contact tracing Apps depend on the availability of Bluetooth interfaces to exchange proximity identifiers, which, if compromised, directly impact their effectiveness. This paper discloses and details the Advertising Overflow attack, a novel internal Denial of Service (DoS) attack targeting the EN system on Android devices. The attack is performed by a malicious App that occupies all the Bluetooth advertising slots in an Android device, effectively blocking any advertising attempt of EN or other Apps. The impact of the disclosed attack and other previously disclosed DoS-based attacks, namely Battery Exhaustion and Storage Drain, were tested using two target smartphones and other six smartphones as attackers. The results show that the Battery Exhaustion attack imposes a battery discharge rate 1.95 times higher than in the normal operation scenario. Regarding the Storage Drain, the storage usage increased more than 30 times when compared to the normal operation scenario results. The results of the novel attack reveal that a malicious App can prevent any other App to place their Bluetooth advertisements, for any chosen time period, thus canceling the operation of the EN system and compromising the efficiency of any COVID contact tracing App using this system.