As we run quite a few machines with Ubuntu installed and we don't want to update each one ourselves, we installed the package unattended-upgrades which updates the package lists and upgrades the installed packages periodically.

To enable unattended-upgrades, add the following lines to /etc/apt/apt.conf.d/10periodic:

APT::Periodic::Enable "1";
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "15";
APT::Periodic::Unattended-Upgrade "1";
APT::Periodic::RandomSleep "1800";

and change the beginning of /etc/apt/apt.conf.d/50unattended-upgrades to:

Unattended-Upgrade::Allowed-Origins {
        "${distro_id}:${distro_codename}-security";
        "${distro_id}:${distro_codename}-updates";
        "${distro_id}:${distro_codename}-proposed";
        "${distro_id}:${distro_codename}-backports";
        "Canonical:${distro_codename}";
};

The last line is required if you use software from Canonical's partner program (e.g., adobe-flash) and want it to be updated automatically as well.

Please note: if you are using an unreleased version of Ubuntu, you might need to add "${distro_id}:${distro_codename}"; in order to receive all updates.

However, this list does not automatically include other custom repositories like PPAs. You can use this script to generate a complete list for all your enabled APT sources.