Saturday, September 30, 2023

Short Takes – 9-30-23

WATCH OUT! CVE-2023-5129 IN LIBWEBP LIBRARY AFFECTS MILLIONS APPLICATIONS. article. Pull quote: “‘While the vulnerability initially seems to target Chromium-based applications, now that we know better, we understand that it possesses the potential to affect a much wider range of software and applications relying on the ubiquitous libwebp package for WebP codec functionality.’ reads the analysis published by Rezilion. ‘This package stands out for its efficiency, outperforming JPEG and PNG in terms of size and speed. Consequently, a multitude of software, applications, and packages have adopted this library, or even adopted packages that libwebp is their dependency, creating a complex challenge when attempting to identify vulnerable systems. The sheer prevalence of libwebp extends the attack surface significantly, raising serious concerns for both users and organizations.’” The next Log4Shell???

House sends Senate bill to avert government shutdown. article. Pull quote: “Senate Minority Leader Mitch McConnell (R-Ky.) announced shortly before the House voted that members of his conference would not allow the upper chamber’s bipartisan continuing resolution (CR) to advance, deferring to the House plan. The Senate’s proposal would keep the government funded through Nov. 17 and it includes $5.99 billion in disaster relief and $6.15 billion in Ukraine aid.”

Pakistan nuclear weapons, 2023. article. Pull quote: “We estimate that Pakistan now has a nuclear weapons stockpile of approximately 170 warheads (See Table 1). The US Defense Intelligence Agency projected in 1999 that Pakistan would have 60 to 80 warheads by 2020 (US Defense Intelligence Agency 1999, 38), but several new weapon systems have been fielded and developed since then, which leads us to a higher estimate. Our estimate comes with considerable uncertainty because neither Pakistan nor other countries publish much information about the Pakistani nuclear arsenal.” Easy to forget that Pakistan was the 5th nuclear power before North Korea.

America’s Advanced Manufacturing Problem—and How to Fix It. article. Pull quote: “The United States does not currently have the correct institutional infrastructure and accompanying operational mechanisms to support advanced manufacturing. Industry, government, and academia are largely unlinked when it comes to advanced production technology and processes, and there is a similar lack of interagency coordination within the government. Pathways necessary for diffusing new technologies and getting them to market are missing, including a lack of scale-up financing mechanisms. The vocational education system has withered as has the corporate lab system.”

First-of-Its Kind Dataset Shows Future Flooding Risk at Neighborhood Level. article. Pull quote: “A new data portal, the Climate Risk and Resilience Portal (ClimRR), houses all the data from these [flood risk] simulations for the continental United States. ClimRR was recently launched at Argonne with support from AT&T and FEMA and won a 2023 Climate Leadership Award and an R&D 100 Award.”

The Southern Border Poses Terrorism Risks. Homegrown Threats Still Loom Larger. article. Pull quote: “Most modern acts of American terrorism directed or inspired by foreign terrorist organizations—such as ISIS-inspired attacks in the cities of San Bernardino, Orlando, and New York between 2015 and 2017—are instead committed by “homegrown” legal immigrants or U.S. citizens. This was in fact a deliberate strategy pursued by groups such as the self-proclaimed Islamic State, which calculated—correctly—that it would be far easier to inspire lone actors in the United States than attempt to send operatives into the country.”

Requests for Comments; Clearance of a Renewed Approval of Information Collection: Survey of Uncrewed-Aircraft-Systems Operators. Federal Register FAA 60-day ICR notice. Summary: “The information collection involves a survey of uncrewed-aircraft-systems (UAS) operators within the United States. The information gathered through the survey's questionnaire on flight behavior and fleet characteristics is used to inform UAS rule making and guide investment in UAS research and infrastructure. This renewal seeks to continue the survey and improve the survey design to increase the generalization of survey results.”

