2019 Q1 Social Media Trends
Back in February, we talked about a malicious container ‘break out’ vulnerability in runc (CVE-2019-5736), a universal command-line interface tool developed by Docker and used by Docker, Kubernetes and other containerization systems to spawn and run containers. That remains, to date, by far the most talked about vulnerability of 2019.
The chart below shows timelines of top 10 vulnerabilities of 2019 so far, based on total Twitter mentions. We have covered many of these in our weekly trending vulnerabilities updates.
It is interesting to note that:
- Based on our data, six of these CVEs have so far been linked to malware, targeted attacks, or exploitation in the wild (only about 2% of all vulnerabilities do ever get such links). These are:
- CVE-2019-5736: runc vulnerability affecting Docker and Kubernetes, described in our post from the week of February 11th
- CVE-2018-20250: winRAR 0-day path traversal vulnerability abused in multiple campaigns
- CVE-2019-6340: Drupal vulnerability we talked about the week of February 25th
- CVE-2019-5786: Google Chrome 0-day we talked about the week of March 11th
- CVE-2019-0808: Windows 0-day that was being chained with the Chrome vulnerability
- CVE-2019-0797: Windows 0-day vulnerability we talked about the week of March 18th
- Three of the CVEs in this list are yet to be disclosed in the NVD – CVE-2019-5786, CVE-2019-0808, and CVE-2019-0797 are all listed as reserved as of April 3rd, 2019.
Share your thoughts in our community!