Three security researchers have discovered a variation to an old cryptographic attack that can be exploited to obtain the private encryption key necessary to decrypt HTTPS traffic under certain conditions. The new attack is a variation of the Bleichenbacher attack on the RSA algorithm discovered almost two decades ago. 27 out of the Alexa Top 100 sites are vulnerable to the ROBOT attack, according to the research team. Vulnerable sites include Facebook and PayPal, but other sites outside of the Top 100 may be vulnerable. The ROBOT research team and US-CERT recommend that owners of vulnerable devices disable TLS session key RSA encryption on their device.
Source: https://www.bleepingcomputer.com/news/security/variation-of-19-year-old-cryptographic-attack-affects-facebook-paypal-others/