2022
Authors
Goncalves, R; Ferreira, I; Godina, R; Pinto, P; Pinto, A;
Publication
BLOCKCHAIN AND APPLICATIONS
Abstract
Pulp and Paper Companies collaborate to monitor and monetize waste and create value from their by-products. This process of Industrial Symbiosis requires the creation and maintenance of trusted and transparent relationships between all entities participating in these networks, which is a constant challenge. In this context, a blockchain-based system can help in establishing and maintaining these networks, serving as a ground truth between companies operating at a national or a global scale. This paper proposes a scalable and modular blockchain architecture design using smart contracts to enhance the industrial symbiosis process of the Pulp, Paper, and Cardboard Production Sector companies in Portugal. This design comprehends all entities participating in the network. The implementation of this design assumes the use of a permissioned ledger built using Hyperledger Fabric to provide the required trust and transparency between all entities.
2021
Authors
Fernandes, R; Pinto, P; Pinto, A;
Publication
2021 IEEE INTERNATIONAL MEDITERRANEAN CONFERENCE ON COMMUNICATIONS AND NETWORKING (IEEE MEDITCOM 2021)
Abstract
The Malware Information Sharing Platform (MISP) enables the sharing of cyberthreat information within a community, company or organisation. However, this platform presents limitations if its information is deemed as classified or shared only for a given period of time. This implies that this information should be handled only in encrypted form. One solution is to use MISP with searchable encryption techniques to impose greater control over the sharing of information. In this paper, we propose a controlled information sharing functionality that features a synchronisation procedure that enables classified data exchange between MISP instances, based on policies and ensuring the required confidentiality and integrity of the shared data. Sequence charts are presented validating the configuration, the data synchronisation, and the data searching between multiple entities.
2022
Authors
Sousa, P; Pinto, A; Pinto, P;
Publication
J. Cybersecur. Priv.
Abstract
Messaging services are usually provided within social network platforms and allow these platforms to collect additional information about users, such as what time, for how long, with whom, and where a user communicates. This information allows the identification of users and is available to the messaging service provider even when communication is encrypted end-to-end. Thus, a gap still exists for alternative messaging services that enable anonymous and confidential communication and that are independent of a specific online service. Online services can still be used to support this messaging service, but in a way that enables users to communicate anonymously and without the knowledge and scrutiny of the online services. In this paper, we propose messaging using steganography and online services to support anonymous and confidential communication. In the proposed messaging service, only the sender and the receiver are aware of the existence of the exchanged data, even if the online services used or other third parties have access to the exchanged secret data containers. This work reviews the viability of using existing online services to support the proposed messaging service. Moreover, a proof-of-concept of the proposed message service is implemented and tested using two online services acting as proxies in the exchange of encrypted information disguised within images and links to those images. The obtained results confirm the viability of such a messaging service. © 2022 by the authors.
2022
Authors
Pereira, J; Cepa, A; Carneiro, P; Pinto, A; Pinto, P;
Publication
European Data Protection Law Review
Abstract
[No abstract available]
2024
Authors
Sales, A; Torres, N; Pinto, P;
Publication
PROCEEDINGS OF THE FOURTEENTH ACM CONFERENCE ON DATA AND APPLICATION SECURITY AND PRIVACY, CODASPY 2024
Abstract
Cyberattacks exploit deceptions involving the Domain Name Service (DNS) to direct users to fake websites, such as typosquatting attacks, which exploit natural typographical errors, and homograph attacks, where different Unicode characters resemble the legitimate ones. The deception attacks may also exploit the confusion between DNS domain names, specifically Top-Level Domains (TLDs), and file extensions. Recently, two new TLDs were added, zip and mov, sharing names with certain file types. This overlapping can be explored by malicious actors in a range of threat scenarios to compromise user security. This paper provides an overview of threats originating from the confusion between specific TLDs and file extensions, such as the recent zip and mov. The threats are grouped into 6 threat scenarios that are described and discussed. This research can be part of a more comprehensive strategy that includes addressing the risks associated with these threats and designing future strategies to address the threats associated with exploiting this ambiguity.
2024
Authors
Martinho, J; Mendes, D; Pinto, P;
Publication
12th International Symposium on Digital Forensics and Security, ISDFS 2024
Abstract
Securing web applications against open redirect vulnerabilities is important for protecting users from malicious redirection and phishing attacks. Open Redirect attacks occur when a malicious actor manipulates a link on a vulnerable website to redirect users to a malicious destination, often disguised as legitimate. This paper proposes a Google Chrome extension named Open Redirect Analysis Tool (ORAT), a tool that analyses a website for potential open redirect attacks. ORAT enables the detection of such vulnerabilities directly within the browser. It uses a straightforward interface and it simplifies the process of scanning web applications for unsafe redirects by applying a curated set of test payloads to uncover vulnerabilities, from the obvious to the subtle ones. The tests show that ORAT can identify and present open redirect vulnerabilities. Also, a discussion is provided about the limitations encountered, such as the scope of testing payloads and browser specificity, and a roadmap for future iterations of the proposed tool is proposed. By advancing the capabilities for early detection of redirect vulnerabilities, ORAT contributes to the set of tools available to cybersecurity practitioners and web developers, aiming to foster a secure online environment. © 2024 IEEE.