I don't assume that at all. I mentioned Docker explicitly
and people are pulling Docker containers from untrusted sources with malware pre-installed, because they lack the experience that would tell them that pulling untrusted Docker containers and running them is a bad idea.
From the article itself, although they mention the CVE at the top, the real point they are making is that people
are deploying the products with poor defaults:
"as is typical with our findings, lots of companies are exposing their Kubernetes API with no authentication; inside the Kubernetes cluster"
Not to mention a bunch of NoSQL type db's you can easily search on Shodan if you wanted to have some fun.
So yes - the problem here is experience, or lack thereof, and not Kubernetes itself. The CVE can be patched. You can't patch inexperience - except with experience I suppose.
All I am saying is that there a lot of people who are downloading and deploying these products because of hype, who are unable or unwilling to secure them.
Sure, maybe your average garden variety Postgres or MySQL instances, and probably some MS-SQL as well. Companies that have a large investment in commercial RDBMS (eg. Oracle, DB2, etc) tend not to be so careless in my experience.
CEO of BinaryEdge here, ur 100% right. If I show you the queue of posts we have you'd see similar posts to this one just with different technologies that we have seen being infected or misused(etcd, docker, and about 10 or 20 more types of DB's).
VMs also have zero-days that have been exploited for cryptomining.